
var ejs = require('ejs');
var fs = require('fs');
var path = require('path');
var adminPath;
//Notes:
//Use res.send or res.sendFile for static resources (like images or html)
//Use res.send(ejs.render(htmlStr, viewArgs)) to manually render EJS files
//Use res.render("my.ejs", {root: adminPath}) to render EJS files (if you have set up the EJS renderer)
/**
 * Registers every route of the site (public pages, contact form, admin login and admin CRUD API) on the Express app.
 * @param {object} app - the Express application the routes are attached to
 * @param {string} rootPath - directory holding the public site (index.html and the content pages); admin views live in rootPath/admin
 * @param {object} passport - configured Passport instance providing the 'local-login' strategy and req.isAuthenticated()
 * @param {object} smtpTransport - mail transport exposing sendMail(params, callback); used by /ContactUs
 * @param {object} sequelize - Sequelize instance whose .models (User, Venue, Measure, Category, Subcategory, Item) back the admin API
 */
module.exports = function(app, rootPath, passport, smtpTransport, sequelize) {
adminPath = path.join(rootPath, 'admin'); // module-level so every route below can build admin view paths from it
// =====================================
// HOME PAGE (with login links)
// =====================================
//app.get('/', isLoggedIn, function(req, res) {
// res.render('index.ejs'); // load the index.ejs file
//});
//Handle the root being requested, and the search engine requesting a static page with content.
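//GET /: serve index.html. Crawlers that send ?_escaped_fragment_=<page> get index.html with rootPath/<page>.html
//inlined in place of every <!--CONTENT--> marker (the "DIY" pre-render), so the hash-bang page content is indexable.
app.get('/', function(req, res) {
  try {
    var fragment = req.query._escaped_fragment_;
    if(typeof(fragment) === "undefined") {
      //res.render("index.html", {root: rootPath});
      res.sendFile("index.html", {root: rootPath});
      return;
    }
    console.log("Search Engine Detected");
    //The fragment is untrusted query input that becomes a filesystem path: only a string that still resolves to a
    //file under rootPath is accepted (this rejects "../" segments, absolute paths and array-valued parameters).
    var rootDir = path.resolve(rootPath);
    var file = typeof(fragment) === "string" ? path.resolve(rootDir, fragment + '.html') : "";
    if(file.indexOf(rootDir + path.sep) !== 0) {
      console.log("Rejected _escaped_fragment_ outside the site root: " + JSON.stringify(fragment));
      res.status(404).end();
      return;
    }
    fs.readFile(path.join(rootDir, 'index.html'), {encoding: "UTF8"}, function(err, indexContent) {
      if(err) {
        console.log("Error reading the index.html file. " + err);
        res.status(500).end();
        return;
      }
      fs.readFile(file, {encoding: "UTF8"}, function(err, content) {
        if(err) {
          console.log("Error reading the content file '" + file + "'. " + err);
          res.status(404).end();
          return;
        }
        //Drop the <runonce>...</runonce> block (non-regex method; the regex version was observed not to match at runtime).
        //Everything after </runonce> is kept: the earlier substr(start, -1) call silently truncated the tail.
        var start = content.indexOf("<runonce>");
        var end = content.indexOf("</runonce>");
        if(start !== -1 && end !== -1) {
          content = content.substr(0, start) + content.substr(end + "</runonce>".length);
        }
        //A function replacer keeps "$&", "$'" and similar sequences inside the page content literal.
        var html = indexContent.replace(/<!--CONTENT-->/g, function() { return content; });
        res.send(html);
      });
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});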
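//GET /admin (logged-in users only): render the admin index. Crawlers sending ?_escaped_fragment_=<page> get
//adminPath/index.ejs with adminPath/<page>.ejs inlined at every <!--CONTENT--> marker, rendered through EJS.
app.get('/admin', isLoggedIn, function(req, res) {
  try {
    var fragment = req.query._escaped_fragment_;
    if(typeof(fragment) === "undefined") {
      //console.log("Looking for index.ejs in " + adminPath);
      //res.render("index.ejs", {root: adminPath});
      res.render(path.join(adminPath, req.baseUrl, "index"));
      return;
    }
    var viewArgs = {}; //What args to use for a search engine?
    //The fragment is untrusted query input that becomes a filesystem path (and then an EJS template): only a
    //string that still resolves to a file under adminPath is accepted.
    var adminDir = path.resolve(adminPath);
    var file = typeof(fragment) === "string" ? path.resolve(adminDir, fragment + '.ejs') : "";
    if(file.indexOf(adminDir + path.sep) !== 0) {
      console.log("Rejected _escaped_fragment_ outside the admin directory: " + JSON.stringify(fragment));
      res.status(404).end();
      return;
    }
    fs.readFile(path.join(adminDir, 'index.ejs'), {encoding: "UTF8"}, function(err, indexContent) {
      if(err) {
        console.log("Error reading the index.ejs file. " + err);
        res.status(500).end();
        return;
      }
      fs.readFile(file, {encoding: "UTF8"}, function(err, content) {
        if(err) {
          console.log("Error reading the content file '" + file + "'. " + err);
          res.status(404).end();
          return;
        }
        //Drop the <runonce>...</runonce> block (non-regex method); the tail after </runonce> is kept, which the
        //earlier substr(start, -1) call silently discarded.
        var start = content.indexOf("<runonce>");
        var end = content.indexOf("</runonce>");
        if(start !== -1 && end !== -1) {
          content = content.substr(0, start) + content.substr(end + "</runonce>".length);
        }
        //A function replacer keeps "$&", "$'" and similar sequences inside the page content literal.
        var html = indexContent.replace(/<!--CONTENT-->/g, function() { return content; });
        res.send(ejs.render(html, viewArgs));
      });
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});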
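//Contact form: e-mails the submitted fields to the configured recipient. Registered with app.use, so it answers
//every HTTP method and every sub-path of /ContactUs, without authentication or throttling.
//NOTE(review): `config` is neither declared nor required in this file; unless it is a global set elsewhere the
//reference throws, the catch below logs it, and (before this change) the request was never answered.
app.use('/ContactUs', function(req, res) {
  try {
    var body = req.body || {}; // a missing body (no body parser) must not crash the handler
    var firstName = body.FirstName;
    var lastName = body.LastName;
    var email = body.Email;
    var message = body.Text;
    //Sender, recipient and subject are fixed; user input only ever lands in the text body.
    var params = {from: config.fromAddress, to: config.contactUsRecipient, subject: "Contact Us", text: "A user has commented via the Petit Teton website.\n\nFirst Name: " + firstName + "\nLast Name: " + lastName + "\nEmail: " + email + "\n" + message};
    smtpTransport.sendMail(params, function(error) {
      if(!error) return;
      //Delivery failures are logged and the message is appended to emailFailures.txt so it is not lost.
      try {
        console.log("Received an error while sending the contact us email to the admin. " + error);
        fs.appendFile(rootPath + '/emailFailures.txt', JSON.stringify(params) + '\n', function(err) {
          if(err) console.log("Failed to write email data to file! (contact us)");
        });
      } catch(e) {console.log(e);}
    });
    //The client is answered as soon as the message is handed to the transport; delivery problems are handled above.
    res.status(200).send('success');
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).send('failure');
  }
});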
// =====================================
// LOGIN
// =====================================
// show the login form
// show the login form (together with any flash message left by a failed attempt)
app.get('/admin/login', function(req, res) {
  var loginView = path.join(adminPath, req.baseUrl, 'login.ejs');
  res.render(loginView, { message: req.flash('loginMessage') });
});
// process the login form: Passport's 'local-login' strategy decides, then redirects either way
var loginOptions = {successRedirect: '/admin', failureRedirect: '/admin/login', failureFlash: true};
app.post('/admin/login', passport.authenticate('local-login', loginOptions));
// =====================================
// SIGNUP
// =====================================
// show the signup form
/* Turned off since only admin users can add admin users.
app.get('/admin/signup', function(req, res) {
// render the page and pass in any flash data if it exists
res.render(path.join(adminPath, req.baseUrl, 'signup.ejs'), { message: req.flash('signupMessage') });
});
app.post('/admin/signup', passport.authenticate('local-signup', {successRedirect: '/admin', failureRedirect: '/admin/signup', failureFlash: true}));
*/
// =====================================
// PROFILE SECTION
// =====================================
// we will want this protected so you have to be logged in to visit
// we will use route middleware to verify this (the isLoggedIn function)
app.get('/admin/profile', isLoggedIn, function(req, res) {
  // req.user is the session user deserialized by Passport; the template renders it
  var profileView = path.join(adminPath, req.baseUrl, 'profile.ejs');
  res.render(profileView, { user: req.user });
});
// =====================================
// LOGOUT
// =====================================
app.get('/admin/logout', function(req, res) {
  // NOTE(review): req.logout() is called without a callback; Passport 0.6+ requires one — confirm the installed version.
  // NOTE(review): logging out on GET lets any cross-site link or image tag end the session; a POST would be safer.
  var landingPage = '/';
  req.logout();
  res.redirect(landingPage);
});
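// Check for an ejs first even if an html is requested.
// GET /admin/**/*.html: render rootPath/admin/<page>.ejs when that template exists, otherwise send the static
// rootPath/admin/<page>.html. Both lookups are confined to adminPath (assumed to hold the admin pages, as the
// /admin route above does — confirm).
app.get('/admin/**/*.html', isLoggedIn, function(req, res) {
  var rootDir = path.resolve(rootPath);
  var adminDir = path.resolve(adminPath);
  // req.path is untrusted ("/admin/x/../../y.html" still matches this route): resolve it under rootPath and refuse
  // anything that escapes the admin directory. Previously it was used as an absolute filesystem path.
  var requested = path.resolve(rootDir, '.' + req.path);
  if(requested.indexOf(adminDir + path.sep) !== 0) {
    res.status(404).end();
    return;
  }
  // Strip the whole ".html" suffix (the previous length - 4 left the dot behind and looked for "name..ejs").
  var templateFile = requested.slice(0, -".html".length) + ".ejs";
  fs.stat(templateFile, function(err) {
    if(!err) {
      res.render(templateFile);
      return;
    }
    // No template: serve the static file relative to rootPath rather than the filesystem root.
    res.sendFile(path.relative(rootDir, requested), {root: rootDir});
  });
});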
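// =====================================
// USER ADMINISTRATION (every handler requires req.user.admin)
// =====================================
// Each handler now answers on every path; the previous create/delete/changeLogin/resetPassword handlers sent
// nothing at all to a logged-in, non-admin user.
app.get('/admin/user/list', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      //TODO: Return some kind of error body.
      res.status(400).end();
      return;
    }
    // Never send password hashes to the browser; the listing only needs the non-secret columns.
    // NOTE(review): relies on Sequelize's attributes.exclude — confirm the installed version supports it.
    sequelize.models.User.findAll({attributes: {exclude: ['password']}}).then(function(values) {
      res.json(values);
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.status(500).json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/user/create', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var login = req.body.login;
    var password = req.body.password;
    // Refuse empty or non-string credentials instead of hashing "" or "[object Object]".
    if(typeof login !== 'string' || login === '' || typeof password !== 'string' || password === '') {
      res.status(400).json({result: 'failure'});
      return;
    }
    sequelize.models.User.create({
      login: login,
      password: sequelize.models.User.generateHash(password),
      admin: true // every account created here is an administrator
    }).then(function() {
      res.json({result: 'success'});
    }).catch(function(err) {
      // Any create error (typically the unique-login constraint) is reported as 'duplicate', as before.
      console.log(err);
      if(!res.headersSent) res.json({result: 'duplicate'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/user/delete', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var userId = req.body.id;
    // A missing id must not reach the WHERE clause as undefined.
    if(userId == null || userId === '') {
      res.status(400).json({result: 'failure'});
      return;
    }
    // NOTE(review): nothing stops an admin from deleting their own (possibly the last) admin account.
    // The class-level destroy() avoids loading the row first and resolves with the number of deleted rows.
    sequelize.models.User.destroy({where: {id: userId}}).then(function(count) {
      res.json({result: Number(count) === 1 ? 'success' : 'failure'});
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/user/changeLogin', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var userId = req.body.id;
    var login = req.body.login;
    if(userId == null || userId === '' || typeof login !== 'string' || login === '') {
      res.status(400).json({result: 'failure'});
      return;
    }
    sequelize.models.User.findById(userId, {}).then(function(user) {
      // An unknown id used to surface as a TypeError in the catch; report it explicitly instead.
      if(!user) {
        res.status(404).json({result: 'failure'});
        return null;
      }
      user.login = login;
      return user.save().then(function() {
        res.json({result: 'success'});
      });
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/user/resetPassword', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var userId = req.body.id;
    var password = req.body.password;
    if(userId == null || userId === '' || typeof password !== 'string' || password === '') {
      res.status(400).json({result: 'failure'});
      return;
    }
    sequelize.models.User.findById(userId, {}).then(function(user) {
      if(!user) {
        res.status(404).json({result: 'failure'});
        return null;
      }
      // Only the hash is ever stored; generateHash is the model's own helper.
      user.password = sequelize.models.User.generateHash(password);
      return user.save().then(function() {
        res.json({result: 'success'});
      });
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});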
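// =====================================
// VENUES: listing for any logged-in user; create/delete/edit require req.user.admin
// =====================================
// Each handler answers on every path (non-admin requests used to be left hanging) and every promise has a catch.
app.get('/admin/venues/list', isLoggedIn, function(req, res) {
  try {
    // ?showDeleted=true includes soft-deleted rows (Sequelize hides "paranoid" rows by default).
    var showDeleted = req.query.showDeleted === 'true';
    sequelize.models.Venue.findAll({paranoid: !showDeleted}).then(function(values) {
      res.json(values);
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.status(500).json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/venues/create', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var name = req.body.name;
    sequelize.models.Venue.create({
      name: name
    }).then(function() {
      res.json({result: 'success'});
    }).catch(function(err) {
      // Any create error is reported as 'duplicate', as before.
      console.log(err);
      if(!res.headersSent) res.json({result: 'duplicate'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/venues/delete', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var id = req.body.id;
    // A missing id must not reach the WHERE clause as undefined.
    if(id == null || id === '') {
      res.status(400).json({result: 'failure'});
      return;
    }
    // destroy() resolves with the number of affected rows; anything but exactly one is a failure.
    sequelize.models.Venue.destroy({where: {id: id}}).then(function(count) {
      res.json({result: Number(count) === 1 ? 'success' : 'failure'});
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/venues/edit', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var id = req.body.id;
    var name = req.body.name;
    if(id == null || id === '') {
      res.status(400).json({result: 'failure'});
      return;
    }
    sequelize.models.Venue.findById(id, {}).then(function(venue) {
      // An unknown id used to surface as a TypeError in the catch; report it explicitly instead.
      if(!venue) {
        res.status(404).json({result: 'failure'});
        return null;
      }
      venue.name = name;
      return venue.save().then(function() {
        res.json({result: 'success'});
      });
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});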
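// =====================================
// MEASURES: listing for any logged-in user; create/delete/edit require req.user.admin
// =====================================
// Each handler answers on every path (non-admin requests used to be left hanging) and every promise has a catch.
app.get('/admin/measures/list', isLoggedIn, function(req, res) {
  try {
    // ?showDeleted=true includes soft-deleted rows (Sequelize hides "paranoid" rows by default).
    var showDeleted = req.query.showDeleted === 'true';
    sequelize.models.Measure.findAll({paranoid: !showDeleted}).then(function(values) {
      res.json(values);
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.status(500).json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/measures/create', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var name = req.body.name;
    var postfix = req.body.postfix;
    sequelize.models.Measure.create({
      name: name,
      postfix: postfix
    }).then(function() {
      res.json({result: 'success'});
    }).catch(function(err) {
      // Any create error is reported as 'duplicate', as before.
      console.log(err);
      if(!res.headersSent) res.json({result: 'duplicate'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/measures/delete', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var id = req.body.id;
    // A missing id must not reach the WHERE clause as undefined.
    if(id == null || id === '') {
      res.status(400).json({result: 'failure'});
      return;
    }
    // destroy() resolves with the number of affected rows; anything but exactly one is a failure.
    sequelize.models.Measure.destroy({where: {id: id}}).then(function(count) {
      res.json({result: Number(count) === 1 ? 'success' : 'failure'});
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/measures/edit', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var id = req.body.id;
    var name = req.body.name;
    var postfix = req.body.postfix;
    if(id == null || id === '') {
      res.status(400).json({result: 'failure'});
      return;
    }
    sequelize.models.Measure.findById(id, {}).then(function(measure) {
      // An unknown id used to surface as a TypeError in the catch; report it explicitly instead.
      if(!measure) {
        res.status(404).json({result: 'failure'});
        return null;
      }
      measure.name = name;
      measure.postfix = postfix;
      return measure.save().then(function() {
        res.json({result: 'success'});
      });
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});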
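// =====================================
// CATEGORIES: listing for any logged-in user; create/delete/edit require req.user.admin
// =====================================
// Each handler answers on every path (non-admin requests used to be left hanging) and every promise has a catch.
app.get('/admin/categories/list', isLoggedIn, function(req, res) {
  try {
    // ?showDeleted=true includes soft-deleted rows (Sequelize hides "paranoid" rows by default).
    var showDeleted = req.query.showDeleted === 'true';
    sequelize.models.Category.findAll({paranoid: !showDeleted}).then(function(values) {
      res.json(values);
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.status(500).json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/categories/create', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var name = req.body.name;
    sequelize.models.Category.create({
      name: name
    }).then(function() {
      res.json({result: 'success'});
    }).catch(function(err) {
      // Any create error is reported as 'duplicate', as before.
      console.log(err);
      if(!res.headersSent) res.json({result: 'duplicate'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/categories/delete', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var id = req.body.id;
    // A missing id must not reach the WHERE clause as undefined.
    if(id == null || id === '') {
      res.status(400).json({result: 'failure'});
      return;
    }
    // destroy() resolves with the number of affected rows; anything but exactly one is a failure.
    sequelize.models.Category.destroy({where: {id: id}}).then(function(count) {
      res.json({result: Number(count) === 1 ? 'success' : 'failure'});
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/categories/edit', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var id = req.body.id;
    var name = req.body.name;
    if(id == null || id === '') {
      res.status(400).json({result: 'failure'});
      return;
    }
    sequelize.models.Category.findById(id, {}).then(function(category) {
      // An unknown id used to surface as a TypeError in the catch; report it explicitly instead.
      if(!category) {
        res.status(404).json({result: 'failure'});
        return null;
      }
      category.name = name;
      return category.save().then(function() {
        res.json({result: 'success'});
      });
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});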
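// =====================================
// SUBCATEGORIES: listing for any logged-in user; create/delete/edit require req.user.admin
// =====================================
// Each handler answers on every path (non-admin requests used to be left hanging) and every promise has a catch.
app.get('/admin/subcategories/list', isLoggedIn, function(req, res) {
  try {
    // ?showDeleted=true includes soft-deleted rows (Sequelize hides "paranoid" rows by default).
    var showDeleted = req.query.showDeleted === 'true';
    sequelize.models.Subcategory.findAll({paranoid: !showDeleted}).then(function(values) {
      res.json(values);
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.status(500).json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/subcategories/create', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var name = req.body.name;
    sequelize.models.Subcategory.create({
      name: name
    }).then(function() {
      res.json({result: 'success'});
    }).catch(function(err) {
      // Any create error is reported as 'duplicate', as before.
      console.log(err);
      if(!res.headersSent) res.json({result: 'duplicate'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/subcategories/delete', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var id = req.body.id;
    // A missing id must not reach the WHERE clause as undefined.
    if(id == null || id === '') {
      res.status(400).json({result: 'failure'});
      return;
    }
    // destroy() resolves with the number of affected rows; anything but exactly one is a failure.
    sequelize.models.Subcategory.destroy({where: {id: id}}).then(function(count) {
      res.json({result: Number(count) === 1 ? 'success' : 'failure'});
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/subcategories/edit', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var id = req.body.id;
    var name = req.body.name;
    if(id == null || id === '') {
      res.status(400).json({result: 'failure'});
      return;
    }
    sequelize.models.Subcategory.findById(id, {}).then(function(subcategory) {
      // An unknown id used to surface as a TypeError in the catch; report it explicitly instead.
      if(!subcategory) {
        res.status(404).json({result: 'failure'});
        return null;
      }
      subcategory.name = name;
      return subcategory.save().then(function() {
        res.json({result: 'success'});
      });
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});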
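// =====================================
// ITEMS: listing for any logged-in user; create/delete/edit require req.user.admin
// =====================================
// Each handler answers on every path (non-admin requests used to be left hanging) and every promise has a catch.
app.get('/admin/items/list', isLoggedIn, function(req, res) {
  try {
    // ?showDeleted=true includes soft-deleted rows (Sequelize hides "paranoid" rows by default).
    var showDeleted = req.query.showDeleted === 'true';
    sequelize.models.Item.findAll({paranoid: !showDeleted}).then(function(values) {
      res.json(values);
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.status(500).json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/items/create', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var name = req.body.name;
    var defaultPrice = req.body.defaultPrice;
    var measures = req.body.measures;
    // Only these three body fields are copied into the row; the model's own validation decides what is acceptable.
    sequelize.models.Item.create({
      name: name,
      defaultPrice: defaultPrice,
      measures: measures
    }).then(function() {
      res.json({result: 'success'});
    }).catch(function(err) {
      // Any create error is reported as 'duplicate', as before.
      console.log(err);
      if(!res.headersSent) res.json({result: 'duplicate'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/items/delete', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var id = req.body.id;
    // A missing id must not reach the WHERE clause as undefined.
    if(id == null || id === '') {
      res.status(400).json({result: 'failure'});
      return;
    }
    // destroy() resolves with the number of affected rows; anything but exactly one is a failure.
    sequelize.models.Item.destroy({where: {id: id}}).then(function(count) {
      res.json({result: Number(count) === 1 ? 'success' : 'failure'});
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});
app.post('/admin/items/edit', isLoggedIn, function(req, res) {
  try {
    if(!req.user.admin) {
      res.status(403).json({result: 'failure'});
      return;
    }
    var id = req.body.id;
    var name = req.body.name;
    var defaultPrice = req.body.defaultPrice;
    var measures = req.body.measures;
    if(id == null || id === '') {
      res.status(400).json({result: 'failure'});
      return;
    }
    sequelize.models.Item.findById(id, {}).then(function(item) {
      // An unknown id used to surface as a TypeError in the catch; report it explicitly instead.
      if(!item) {
        res.status(404).json({result: 'failure'});
        return null;
      }
      item.name = name;
      item.defaultPrice = defaultPrice;
      item.measures = measures;
      return item.save().then(function() {
        res.json({result: 'success'});
      });
    }).catch(function(err) {
      console.log(err);
      if(!res.headersSent) res.json({result: 'failure'});
    });
  } catch(e) {
    console.log(e);
    if(!res.headersSent) res.status(500).end();
  }
});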
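// Lookup endpoints for the admin UI: the listed columns, ordered by name then visibility (both descending).
// Each one now answers a database error with a 500 and an empty array instead of leaving the request open.
app.get('/admin/getCategories', isLoggedIn, function(req, res) {
  sequelize.models.Category.findAll({attributes: ['id', 'name', 'visible'], order: [['name', 'DESC'], ['visible', 'DESC']]}).then(function(values) {
    res.json(values);
  }).catch(function(error) {
    console.log(error);
    if(!res.headersSent) res.status(500).json([]);
  });
});
app.get('/admin/getSubcategories', isLoggedIn, function(req, res) {
  // Subcategories of ?id=<categoryId>; a missing id must not reach the WHERE clause as undefined.
  if(req.query.id == null || req.query.id === '') {
    res.status(400).json([]);
    return;
  }
  sequelize.models.Subcategory.findAll({where: {categoryId: req.query.id}, attributes: ['id', 'name', 'visible'], order: [['name', 'DESC'], ['visible', 'DESC']]}).then(function(values) {
    res.json(values);
  }).catch(function(error) {
    // The error body is a real empty array; res.json("[]") used to send a JSON *string*.
    console.log(error);
    if(!res.headersSent) res.status(500).json([]);
  });
});
app.get('/admin/getItems', isLoggedIn, function(req, res) {
  // Items of ?id=<subcategoryId>.
  if(req.query.id == null || req.query.id === '') {
    res.status(400).json([]);
    return;
  }
  sequelize.models.Item.findAll({where: {subcategoryId: req.query.id}, attributes: ['id', 'name', 'counts', 'visible', 'subcategoryId'], order: [['name', 'DESC'], ['visible', 'DESC']]}).then(function(values) {
    res.json(values);
  }).catch(function(error) {
    console.log(error);
    if(!res.headersSent) res.status(500).json([]);
  });
});
app.get('/admin/getMeasures', isLoggedIn, function(req, res) {
  sequelize.models.Measure.findAll({attributes: ['id', 'name', "image", 'postfix', 'visible'], order: [['name', 'DESC'], ['visible', 'DESC']]}).then(function(values) {
    res.json(values);
  }).catch(function(error) {
    console.log(error);
    if(!res.headersSent) res.status(500).json([]);
  });
});
app.get('/admin/getVenues', isLoggedIn, function(req, res) {
  sequelize.models.Venue.findAll({attributes: ['id', 'name', 'visible'], order: [['name', 'DESC'], ['visible', 'DESC']]}).then(function(values) {
    res.json(values);
  }).catch(function(error) {
    console.log(error);
    if(!res.headersSent) res.status(500).json([]);
  });
});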
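// GET /admin/toggleVenueVisibility?id=<venueId>: flips the venue's visible flag and returns the new value.
// NOTE(review): a state-changing GET can be triggered by any cross-site link or image tag (no CSRF token is
// checked here); a POST carrying a CSRF token would be the safer shape.
app.get('/admin/toggleVenueVisibility', isLoggedIn, function(req, res) {
  var id = req.query.id;
  // A missing id must not reach the WHERE clause as undefined.
  if(id == null || id === '') {
    res.status(400).json({error: "Missing venue id"});
    return;
  }
  sequelize.models.Venue.find({where: {id: id}, attributes: ['id', 'name', 'visible']}).then(function(venue) {
    if(!venue) {
      res.json({error: "Can't find the venue!"});
      return null;
    }
    venue.visible = !venue.visible;
    return venue.save().then(function() {
      res.json({visible: venue.visible});
    });
  }).catch(function(error) {
    // Log the full error server-side; the client only gets the message, not the driver/SQL details
    // that serializing the error object used to expose. Lookup failures are now caught as well.
    console.log(error);
    if(!res.headersSent) res.status(500).json({error: String((error && error.message) || error)});
  });
});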
};
// route middleware to make sure a user is logged in
// Passport attaches isAuthenticated() to the request; an authenticated request continues down the chain
// (the value of next() is passed back), anything else is redirected to the admin login page.
function isLoggedIn(req, res, next) {
  if(!req.isAuthenticated()) {
    //Redirect if the user isn't logged in.
    res.redirect('/admin/login');
    return;
  }
  return next();
}